Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rust-lang vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-1000810
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via...
Rust-lang Rust 1.27.0
Rust-lang Rust 1.26.2
Rust-lang Rust 1.26.1
Rust-lang Rust 1.26.0
Rust-lang Rust 1.27.1
Rust-lang Rust 1.27.2
Rust-lang Rust 1.28.0
Rust-lang Rust 1.29.0
1 Github repository
5.9
CVSSv3
CVE-2022-46176
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been ...
Rust-lang Cargo
6.1
CVSSv3
CVE-2023-40030
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and before 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may...
Rust-lang Rust
7.5
CVSSv3
CVE-2021-28877
In the standard library in Rust prior to 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
Rust-lang Rust
5.9
CVSSv3
CVE-2017-20004
In the standard library in Rust prior to 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions.
Rust-lang Rust
5.3
CVSSv3
CVE-2019-1010299
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::...
Rust-lang Rust
7.5
CVSSv3
CVE-2019-16760
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may downloa...
Rust-lang Rust
8.1
CVSSv3
CVE-2022-36113
Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" ...
Rust-lang Cargo
1 Github repository
6.5
CVSSv3
CVE-2022-36114
Cargo is a package manager for the rust programming language. It exists that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also kn...
Rust-lang Cargo
5.5
CVSSv3
CVE-2020-35920
An issue exists in the socket2 crate prior to 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
Rust-lang Socket2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »